Salesforce Files Connect Implementation Guide

Salesforce Files Connect Implementation Guide

Salesforce Files Connect Implementation Guide

Salesforce Files Connect Implementation Guide Salesforce, Spring ’18 @salesforcedocs Last updated: February 1, 2018

Salesforce Files Connect Implementation Guide

© Copyright 2000–2018 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com, inc., as are other names and marks. Other marks appearing herein may be trademarks of their respective owners.

CONTENTS FILES CONNECT FOR ADMINISTRATORS . 1 The Files Connect Setup Process . 1 Enable Salesforce Files Connect for Your Organization . 2 Let Users and Administrators Access Files Connect Data Sources .

3 Create an Authentication Provider for Box . 4 Define an External Data Source for Box . 5 Create an Authentication Provider for Google Drive . 6 Define an External Data Source for Google Drive . 7 Create an Authentication Provider for SharePoint Online Using Azure (Preferred Method . 8 Create an Authentication Provider for SharePoint Online or OneDrive for Business Using Office 365 (Alternate Method . 10 Define an External Data Source for SharePoint Online or OneDrive for Business . 13 Set Up a Secure Agent for SharePoint 2010 or 2013 . 14 Ensure Access with Secure Agent Clusters . 19 Define an External Data Source for SharePoint 2010 or 2013 .

20 Include a Files Connect Data Source in Global Search . 21 Include SharePoint Custom Properties in Search, SOQL, and SOSL Queries . 25 FILES CONNECT FOR USERS . 27 Set Up Authentication to an External Data Source . 27 Manage Your Files Connect External Data Source Authentication Credentials . 28 Access and Share Files Connect External Files . 29 Search for Files Connect External Files . 32

FILES CONNECT FOR ADMINISTRATORS The Files Connect Setup Process EDITIONS Available in: both Salesforce Classic and Lightning Experience Files Connect for cloud-based external data sources is available in: Professional, Enterprise, Performance, Unlimited, and Developer Editions The setup process for Files Connect differs for cloud-based and on-premises external data sources. Files Connect for on-premises external data sources is available only to customers who have the paid permission set license. This license is no longer available for purchase. Tip: For detailed visuals, tips, and troubleshooting, see the Files Connect Setup Guide and User Guide.

First, enable Files Connect, and let users access related external data sources 1. Enable Salesforce Files Connect for Your Organization. 2. Let Users and Administrators Access Files Connect Data Sources. For cloud-based data sources, create an authentication provider, and then define the source If you use Google Drive: 1. Create an Authentication Provider for Google Drive. 2. Define an External Data Source for Google Drive. If you use Quip: 1. Set up a Quip Auth. Provider. 2. Configure OAuth for Quip. 3. Add an External Data Source. If you use Microsoft’s cloud systems: 1. Create an Authentication Provider for SharePoint Online Using Azure (Preferred Method).

2. Define an External Data Source for SharePoint Online or OneDrive for Business. If you use Box: 1. Create an Authentication Provider for Box. 2. Define an External Data Source for Box. 1

For on-premises data sources, set up a Secure Agent, and then define the source Note: This process is available only to customers who have the paid permission set license, “Files Connect for on-premises external data sources.” This license is no longer available for purchase. 1. Set Up a Secure Agent for SharePoint 2010 or 2013 on a Linux or Windows server to securely connect Salesforce to data stored behind your firewall. 2. Define an External Data Source for SharePoint 2010 or 2013. Include the external data in global search To let users access external data in global Salesforce searches, you’ll need to create an external object and give users access to its fields.

This is an optional step, but highly recommended to best integrate external data with Salesforce.

For per-user data sources, have users authenticate in Salesforce If you specified per-user authentication for a data source and exposed it through profiles or permission sets, ask authorized users to provide their data source credentials. Start accessing, sharing, and searching external files! Now users can access and share external files via the Files tab and feed, and search for them right alongside their Salesforce content. Enable Salesforce Files Connect for Your Organization EDITIONS Available in: both Salesforce Classic and Lightning Experience Files Connect for cloud-based external data sources is available in: Professional, Enterprise, Performance, Unlimited, and Developer Editions USER PERMISSIONS To enable Salesforce Files Connect: • Customize Application Let users search and share files from external systems like Google Drive and SharePoint.

1. From Setup, enter Files Connect in the Quick Find box, then select Files Connect under Settings.

2. Click Edit, and then select Enable Files Connect. 3. For File Sharing, select one of the following: • Copy stores a copy of external files in Salesforce. If files are shared with a Chatter group, all group members can access the files, even if they lack access to the external system. • Reference points to external files stored outside Salesforce. No file previews are available, andfiledownloadsrequireuseraccesstotheexternalsystem.(Usersmustentercredent ials forthesystemintheAuthenticationSettingsforExternalSystemssectionofpersonals etup). Tip: Choose the Copy mode if your organization shares files with external customers or partners.

Choose the Reference mode to reflect access restrictions from the external system in Salesforce.

Regardlessofsharingmode,filesinSalesforcedon’treflectfilerevisionsinexterna lsystems.However, Reference mode points to the latest versions in those systems. 2 Enable Salesforce Files Connect for Your Organization Files Connect for Administrators

Let Users and Administrators Access Files Connect Data Sources EDITIONS Available in: both Salesforce Classic and Lightning Experience Files Connect for cloud-based external data sources is available in: Professional, Enterprise, Performance, Unlimited, and Developer Editions USER PERMISSIONS To set permissions: • Customize Application To use Files Connect for on-premises external data sources: • API Enabled After you enable Files Connect, give users and administrators permission to access specific external data sources from Salesforce.

Tip: Thoughyoucanprovideaccesstodatasourcesviapermissionsetsorprofiles,permissio n sets let you more quickly adjust access for several types of users. Regardless of which method you choose, be sure to give administrators access so they can configure data sources. 1. FromSetup,enter Permission Sets inthe Quick Find box,thenselectPermission Sets or enter Profiles in the Quick Find box, then select Profiles. 2. Create a new permission set or profile, or click an existing one. If you use a permission set, User License must be set to the default option, “None.” 3. For a permission set, click System Permissions, then click Edit.

For a profile, click Edit, and scroll down to the Administrative Permissions section. 4. Do either of the following, and then click Save. • To access cloud-based data sources like SharePoint Online, select Files Connect Cloud. • To access on-premises data sources like SharePoint 2010 or 2013, select Files Connect On-premises. Note: The on-premises permission is available with a paid permission set license, “Files Connect for on-premises external data sources.” To enable Files Connect on-premises for a user: a. Assign the Files Connect license to the user. b. Create a permission set and add the “Files Connect On-premises” permission to it.

c. Assign the permission set to the user.

5. For a permission set, click Manage Assignments in the toolbar at the top of the page. Then click Add Assignments, select users for the permission set, and click Assign. Important: Include any administrators who need to configure external data sources. 6. If you haven’t already, define the external data sources for your organization: • Define an External Data Source for SharePoint Online or OneDrive for Business • Define an External Data Source for SharePoint 2010 or 2013 • Define an External Data Source for Google Drive • Define an External Data Source for Box • Define an External Data Source for Quip Note: If you select an identity type of Named Principal for the data source, skip the following steps.

But if you select Per User, read on.

7. In Setup, return to the detail page for the permission set or profile. Then do either of the following: • For a permission set, in the Apps section, click External Data Source Access. • For a profile, go to the Enabled External Data Source Access related list. 3 Let Users and Administrators Access Files Connect Data Sources Files Connect for Administrators

8. Click Edit, add specific data sources to the Enabled External Data Sources list, and click Save. (Users enter their credentials when they first access external data sources, or from their personal settings on theAuthentication Settings for External Systems page.) Create an Authentication Provider for Box EDITIONS Available in: Salesforce Classic Available in: Professional, Enterprise, Performance, Unlimited, and Developer Editions USER PERMISSIONS To create authentication providers: • Customize Application AND Manage Auth.

Providers TouseBoxasanexternaldatasource,youmustcreateanauthenticationproviderforitin Salesforce. Tip: For detailed visuals, tips, and troubleshooting, see the Files Connect Setup Guide and User Guide.

Create an Authentication Provider in Salesforce 1. InSetup,enter Auth. Providers inthe Quick Find box,thenselectAuth.Providers. 2. Click New. 3. For Provider Type, select OpenID Connect, and then set the following options: • Name—Enter the name you want to appear in Salesforce. • URL Suffix—Enter a suffix you want to appear at the end of the URL path. By default, the suffix reflects the Name entry. • Consumer Key—Enter any placeholder value. You will fill this in after you create the Box application in Step 5.

• Consumer Secret—Enter any placeholder value. You will fill this in after you create the Box application in Step 5.

• Authorize Endpoint URL—Enter https://account.box.com/api/oauth2/authorize • Token Endpoint URL— Enter https://api.box.com/oauth2/token • User Info Endpoint URL— Leave empty. • Default Scopes—Leave empty. 4. Click Save. Then, at the bottom of the Auth. Provider detail page, copy the Callback URL entry to a text file. (You’ll use this when creating the Box application.) 5. Create a Box application. Then return to step 6. 6. When you have created the Box application, edit the Salesforce Auth Provider and replace the following values with those from the Box app.

• Consumer.Key: the Box client_id. • Consumer.Secret: the Box client_secret. 7. Click Save. Your Box authentication provider is now ready to be used. Create a Box Application 1. Using the credentials of your Box admin account, log in to https://app.box.com/developers/services. 2. Click Create a Box Application. 4 Create an Authentication Provider for Box Files Connect for Administrators

3. Enter a project name, select Box content, and click Create Application. 4. Click Configure your application. 5. In the redirect_uri field, paste the Salesforce callback URL specified in the OAuth2 specification.

6. Copy the client_id and client_secret values to a text file. Enter these values at step 6 of Create an Authentication Provider in Salesforce. Define an External Data Source for Box EDITIONS Available in: both Salesforce Classic and Lightning Experience Available in: Professional, Enterprise, Performance, Unlimited, and Developer Editions USER PERMISSIONS To define an external data source: • Customize Application Let users access their Box content from Files home, feed posts, and search. 1. FromSetupinSalesforceClassic,enter External Data Sources inthe Quick Find box, then select External Data Sources.

2. Click New External Data Source. Then set the following options. Description Field A user-friendly name for the data source displayed in the Salesforce user interface. Label A unique identifier used to refer to this external data source definition through the API. The Name field can contain only underscores and alphanumeric characters. It must be unique, begin with a letter, not include spaces, not end with an underscore, andnotcontaintwoconsecutiveunderscores. Name Choose Files Connect: Box Type The identity type used to authenticate to the external data source.

SelectPerUsertorequireseparatecredentials for each user who accesses the data source.

Identity Type (Administrators must enable the data source for specific permission sets and profiles. Users then enter their credentials when first accessing the data source.) The protocol used to access Box. Select OAuth 2.0. Authentication Protocol Enter the Box Authentication Provider. Authentication Provider Leave blank. Scope Selecttoimmediatelytestthesettingsabove. Start Authentication Flow on Save 5 Define an External Data Source for Box Files Connect for Administrators

Create an Authentication Provider for Google Drive EDITIONS Available in: Salesforce Classic Available in: Professional, Enterprise, Performance, Unlimited, and Developer Editions USER PERMISSIONS To create authentication providers: • Customize Application AND Manage Auth. Providers To use Google Drive as an external data source, you must create an authentication provider for it in Salesforce. The process begins with creating a related project in the Google Developers console. Tip: For detailed visuals, tips, and troubleshooting, see the Files Connect Setup Guide and User Guide.

Create a Project in the Google Developers Console 1.

Using the credentials of your Google App for Work admin account, log in to https://console.cloud.google.com. 2. In the title bar, expand Go to Project and click Create Project. 3. Enter a project name, and click Create. 4. In the project dashboard, click the menu icon in the top left, then click API Manager. 5. In the API manager, go to the Google APIs tab and search for Google Drive API. 6. Click Google Drive API in the search results, then click Enable API. 7. Click Credentials, located in the left-hand menu. 8. In the OAuth Consent Screen tab, enter a valid email address and product name.

Then click Save.

9. In the Credentials tab, click Add credentials and select OAuth client ID. 10. Select Web application and click Create. 11. CopytheclientIDandclientsecretvaluestoatextfile.You’llusethesevalueswhencre atinganauthenticationproviderinSalesforce. Create an Authentication Provider in Salesforce 1. In Setup, enter Auth. Providers in the Quick Find box, then select Auth. Providers. 2. Click New. 3. For Provider Type, select OpenID Connect, and then set the following options: • Name—Enter the name you want to appear in Salesforce. • URL Suffix—Enter the suffix at the end of the URL path. For example, in the path, https://login.salesforce.com/services/authcallback/00Dx00000000001/MyGoogle Provider, the suffix is “MyGoogleProvider” • Consumer Key—Enter the client ID you copied when creating the Google project.

• Consumer Secret—Enter the client secret you copied when creating the Google project. • Authorize Endpoint URL—Enter https://accounts.google.com/o/oauth2/auth?access_type=offline&approval_prom pt=force • Token Endpoint URL— Enter https://accounts.google.com/o/oauth2/token • Default Scopes—Enter openid email profile https://www.googleapis.com/auth/drive 4. Click Save. Then, at the bottom of the Auth. Provider detail page, copy the Callback URL entry to a text file. (You’ll use this when editing the Google project.) 6 Create an Authentication Provider for Google Drive Files Connect for Administrators

Edit the Project in the Google Developer Console 1. In the API Manager, click Credentials, located in the left-hand menu. 2. Click on the previously created Web application. 3. In the Authorized Redirect URIs section, add the Callback URL you copied when creating the authentication provider in Salesforce. 4. Click Save. Define an External Data Source for Google Drive EDITIONS Available in: both Salesforce Classic and Lightning Experience Available in: Professional, Enterprise, Performance, Unlimited, and Developer Editions USER PERMISSIONS To define an external data source: • Customize Application Let Chatter users access their Google Drive content from the Files tab, feed posts, and search.

Salesforce supports Google documents, spreadsheets, presentations, and drawings. 1. From Setup, enter External Data Sources in the Quick Find box, then select External Data Sources.

2. Click New External Data Source. Then set the following options. Description Field A user-friendly name for the data source displayed in the Salesforce user interface. Label A unique identifier used to refer to this external data source definition through the API. The Name field can contain only underscores and alphanumeric characters. It must be unique, begin with a letter, not include spaces, not end with an underscore, andnotcontaintwoconsecutiveunderscores. Name Choose Files Connect: Google Drive Type The identity type used to authenticate to the external data source.

SelectPerUsertorequireseparatecredentials for each user who accesses the data source.

Identity Type (Administrators must enable the data source for specific permission sets and profiles. Users then enter their credentials when first accessing the data source..) Select Named Principal to use the same set of credentials for every user who accesses the data source from Salesforce. The protocol used to access Google Drive. Select OAuth 2.0. Authentication Protocol Enter the Google Drive authentication provider. Authentication Provider 7 Define an External Data Source for Google Drive Files Connect for Administrators